| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.3.2 sourceware.org 13976385783C |
| Authentication-Results: | sourceware.org; |
| dmarc=none (p=none dis=none) header.from=towo.net | |
| Authentication-Results: | sourceware.org; spf=none smtp.mailfrom=towo AT towo DOT net |
| Subject: | Re: Weird behavior in 'grep'ing for string in /proc/registry... |
| To: | cygwin AT cygwin DOT com |
| References: | <5F55C670 DOT 7030004 AT tlinx DOT org> |
| <758d674d-7501-56ea-7246-894e5c877778 AT SystematicSw DOT ab DOT ca> | |
| From: | Thomas Wolff <towo AT towo DOT net> |
| X-Tagtoolbar-Keys: | D20200907095358609 |
| Message-ID: | <ddc33d3b-3caf-447e-fbd1-e53192eb55bc@towo.net> |
| Date: | Mon, 7 Sep 2020 09:53:58 +0200 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 |
| Thunderbird/68.12.0 | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <758d674d-7501-56ea-7246-894e5c877778@SystematicSw.ab.ca> |
| X-Provags-ID: | V03:K1:dQRCL+DqrWsqEj5C8JKpgHNjxOZS6AGVUvTTjHEQFzfBWffIe2b |
| gJZndNsGAyTFpYXfW3GV0NDmiD+b68A0gUl7TgE5nIhECxOD3Nxe+RuAHyzTrKiGjvN4+rA | |
| AveQlVqx7AKG5W6CNfdEZEXDaOLMvWEM9or1fH6cJ2cWmmQty4gpcf9+jkg2mdrmkkn1BlK | |
| kW9PRF8HQ4VSgGZMOX3Vw== | |
| X-UI-Out-Filterresults: | notjunk:1;V03:K0:dWPdYDHQgJA=:6tqFhDiJMdupGyT1giGHbs |
| QORfAjYsWfa5B1f4hj9PUYXdYrVy+2lukDHM2cVbpPfbjh1Qo6QLCyhGWA6Z9d32Hgp4MiXoy | |
| d8sLL3C0vFOOe7nvvKkSeN1NxE52T0dDrM4n1KeSqz8Qt+C7hdezoWRzE8ngTffKo+c+GxWxW | |
| XEBJJGwmgUBrSvjbNRqKG/JJVgZKtnV4qvZY+f/JhYc06ffiUoF3GLkW0XTxjpd1VyKVrgCj6 | |
| vxcnpbVzS4+gVCIjdUMaP+wJFneZ2MwOrwP7Y86EPonKqetMEsrHpkwFjxmxWV/TgzUh/SbWG | |
| oCyjeNwbCpp79W2ZrStw3OOkjfojEtRBM7SUTc6L2Yx4FDIy8IcURLNO/W8iJx9fLDj+V3BId | |
| Bi/fA2tYOE/iKeml9aoh8Hqq5HOQzpHDc99eKs6o7MyD1Thjv58G3WPl+m872KK2S7EZ1GTBB | |
| Joe/irhyRhzMCeM0SBe+RIzJ3rYeLxt2OmYSn4JWV0qwhCEG8ghfjQhYhbBuF4fnWW2f8SsUB | |
| sw99JyCeySTNYUkX0S1Ws4K/Ut/4l8yEir6arnr/AYMVlUYdBmUC7PZBMKKmnndncxXbyqa9l | |
| 0LVJnStWzWAgAQJ7OtNA439z68JxzLt69strh+uQzhUzhd7S8qhfFnaaFIidHPUHLP5GCOnec | |
| ah7tMDD75abZgV3e/Ow2qajcMDoHnOnh8vLgMHVkwZUficHDM5Wok8LpBOSzB0xi5rn911n9Q | |
| Rkuw4cq34R1ZaM8nPzoRd0UMWBZr5ciE03Lg7iln0o4yonUkXwZAI291GHH+5VZ0zDxlXVTkJ | |
| PrxtXNlgL3tXfRuIzcIeQddsaMl84C55/kN8mA+txdMrUJwjo6GTsqLnC5WvAFa7ddESOvV | |
| X-Spam-Status: | No, score=0.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, |
| KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_ABUSEAT, RCVD_IN_DNSWL_NONE, | |
| RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, | |
| TXREP autolearn=no autolearn_force=no version=3.4.2 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.2 (2018-09-13) on |
| server2.sourceware.org | |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| Errors-To: | cygwin-bounces AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 0877sTri020786 |
Am 07.09.2020 um 09:05 schrieb Brian Inglis: > On 2020-09-06 23:34, L A Walsh wrote: >> In directory >> /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/eventlog >> I wanted to list all the ".dll"s that handled various types of >> events. >> >> I tried >> /bin/grep -Pr '\.dll' >> >> but got a load of bogus error messages: >> >> /bin/grep: Group: Is a directory >> /bin/grep: ImagePath: Is a directory >> /bin/grep: Description: Is a directory >> /bin/grep: ObjectName: Is a directory >> .... >> >> --- >> looking at ImagePath: >>> ll ImagePath >> -r--r----- 1 65 Sep 6 22:06 ImagePath >>> read -r x <ImagePath >>> echo $x >> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted >> >> --- >> Doesn't look like a directory. >> So, bug in 'grep'? >> >> I'm hoping this isn't limited to my machine... > You remember that the /proc/registry.../ entries are only the keys, subkeys, and > values names, not the data contained in them. > > You are doing the equivalent of: > > $ fgrep -r .dll > /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/eventlog/Application/ > 2> /dev/null > > producing nothing but error messages. I reproduced Lindas observation (although not in the folder she mentioned which does not exist here) and in fact there is an inconsistency between `grep -r` reporting "Is a directory" for entries that are not marked as directory by `ls`: .pwd /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Appinfo/Parameters .ls -l insgesamt 0 -r--r----- 1 SYSTEM SYSTEM 34 27. Nov 2019Â ServiceDll -r--r----- 1 SYSTEM SYSTEMÂ 4 27. Nov 2019Â ServiceDllUnloadOnStop .grep -r . grep: ServiceDll: Is a directory grep: ServiceDllUnloadOnStop: Is a directory I checked whether `opendir` marks the d_type fields wrong in the /proc filesystem but that's not it. Thomas > > What you probably want to do is check for the keys, subkeys, and values data > containing .dll names, which is best performed with find and regtool: > > $ find > /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/eventlog/Application/ > -type d -print0 | xargs -0 -l1 regtool list -v | fgrep .dll > DisplayNameFile (REG_EXPAND_SZ) = "%SystemRoot%\system32\wevtapi.dll" > EventMessageFile (REG_SZ) = "C:\Windows\System32\mscoree.dll" > EventMessageFile (REG_SZ) = "C:\Windows\System32\mscoree.dll" > CategoryMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\system32\wevtapi.dll" > CategoryMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\wer.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\wer.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\wersvc.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\system32\ieframe.dll" > CategoryMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\drivers\ati2erec.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\drivers\ati2erec.dll" > ...[90]... > EventMessageFile (REG_SZ) = "C:\Windows\SysWOW64\msvbvm60.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\wersvc.dll" > EventMessageFile (REG_EXPAND_SZ) = "%systemroot%\system32\sdengin2.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\wer.dll" > CategoryMessageFile (REG_EXPAND_SZ) = "%systemroot%\system32\tquery.dll" > EventMessageFile (REG_EXPAND_SZ) = "%systemroot%\system32\tquery.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\system32\wsepno.dll" > EventMessageFile (REG_SZ) = > "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\ntvdm64.dll" > EventMessageFile (REG_EXPAND_SZ) = "%SystemRoot%\System32\wshext.dll" > > or you could use the Windows reg command directly for more verbose results: > > $ reg query > HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application > /s /d /f "*.dll" > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application > DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\.NET > Runtime > EventMessageFile REG_SZ C:\Windows\System32\mscoree.dll > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\.NET > Runtime Optimization Service > EventMessageFile REG_SZ C:\Windows\System32\mscoree.dll > > ...[104]... > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WMI.NET Provider > Extension > EventMessageFile REG_SZ > C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wow64 > Emulation Layer > EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntvdm64.dll > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WSH > EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll > > End of search: 110 match(es) found. > -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |